diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index ae9760a3f..20ad7f552 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -475,34 +475,21 @@ def checkSqlInjection(place, parameter, value):
 injectable = True
- if injectable and kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
- if all((falseCode, trueCode)) and falseCode != trueCode:
- conf.code = trueCode
+ if injectable:
+ if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
+ if all((falseCode, trueCode)) and falseCode != trueCode:
+ conf.code = trueCode
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType, parameter, title, conf.code)
- logger.info(infoMsg)
- else:
- trueSet = set(extractTextTagContent(trueRawResponse))
- trueSet = trueSet.union(__ for _ in trueSet for __ in _.split())
-
- falseSet = set(extractTextTagContent(falseRawResponse))
- falseSet = falseSet.union(__ for _ in falseSet for __ in _.split())
-
- candidates = filter(None, (_.strip() if _.strip() in trueRawResponse and _.strip() not in falseRawResponse else None for _ in (trueSet - falseSet)))
-
- if candidates:
- candidates = sorted(candidates, key=lambda _: len(_))
- for candidate in candidates:
- if re.match(r"\A\w+\Z", candidate):
- break
-
- conf.string = candidate
-
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
+ infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType, parameter, title, conf.code)
 logger.info(infoMsg)
+ else:
+ trueSet = set(extractTextTagContent(trueRawResponse))
+ trueSet = trueSet.union(__ for _ in trueSet for __ in _.split())
- if not any((conf.string, conf.notString)):
- candidates = filter(None, (_.strip() if _.strip() in falseRawResponse and _.strip() not in trueRawResponse else None for _ in (falseSet - trueSet)))
+ falseSet = set(extractTextTagContent(falseRawResponse))
+ falseSet = falseSet.union(__ for _ in falseSet for __ in _.split())
+
+ candidates = filter(None, (_.strip() if _.strip() in trueRawResponse and _.strip() not in falseRawResponse else None for _ in (trueSet - falseSet)))
 if candidates:
 candidates = sorted(candidates, key=lambda _: len(_))
@@ -510,11 +497,25 @@ def checkSqlInjection(place, parameter, value):
 if re.match(r"\A\w+\Z", candidate):
 break
- conf.notString = candidate
+ conf.string = candidate
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % (paramType, parameter, title, repr(conf.notString).lstrip('u').strip("'"))
+ infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
 logger.info(infoMsg)
+ if not any((conf.string, conf.notString)):
+ candidates = filter(None, (_.strip() if _.strip() in falseRawResponse and _.strip() not in trueRawResponse else None for _ in (falseSet - trueSet)))
+
+ if candidates:
+ candidates = sorted(candidates, key=lambda _: len(_))
+ for candidate in candidates:
+ if re.match(r"\A\w+\Z", candidate):
+ break
+
+ conf.notString = candidate
+
+ infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % (paramType, parameter, title, repr(conf.notString).lstrip('u').strip("'"))
+ logger.info(infoMsg)
+
 if not any((conf.string, conf.notString, conf.code)):
 infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
 logger.info(infoMsg)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index a7ce78b3c..f72d24bb4 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (...)
-VERSION = "1.0.6.51"
+VERSION = "1.0.6.52"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
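Review bot: The `if candidates:` guard following the new `candidates = filter(None, ...)` line at the end of this hunk (and the two matching guards in the next hunk, including the `--not-string` block it adds) only works because `filter` returns a list on the Python 2 runtime this code evidently targets (the `repr(...).lstrip('u')` idiom); under Python 3 `filter` yields an always-truthy iterator, so an empty candidate set would pass the guard, the `for candidate in candidates` loop would never bind `candidate`, and `conf.string = candidate` would raise NameError. Building the list explicitly removes that dependency without changing the Python 2 behaviour: `candidates = [_.strip() for _ in (trueSet - falseSet) if _.strip() in trueRawResponse and _.strip() not in falseRawResponse]` (and the mirror image over `falseSet - trueSet`). The selection loop also carries a non-obvious fallback — when no candidate matches `\A\w+\Z`, `candidate` is left holding the longest one after the loop — which deserves a comment such as `# shortest purely alphanumeric token wins; otherwise fall back to the longest candidate`. checkSqlInjection begins before this hunk and continues past it.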